EPSS
Percentile
35.7%
Best Practical Request Tracker is vulnerable to cross-site scripting. The vulnerability exists via a crafted content type for an attachment which allows an attacker to inject and execute arbitrary javascript.
docs.bestpractical.com/release-notes/rt/4.4.6
docs.bestpractical.com/release-notes/rt/5.0.3
docs.bestpractical.com/release-notes/rt/index.html
security-tracker.debian.org/tracker/CVE-2022-25802